Share this Job

ITGC Compliance Manager


King Of Prussia, PA, US

Company:  AmeriGas Propane, Inc.

When you work for AmeriGas, you become a part of something BIG! Founded in 1959, AmeriGas is the nation’s premiere propane company, serving over 2 million residential, commercial, industrial and motor fuel propane customers.  Together, our 8,500 dedicated professionals will deliver 1.5 billion gallons of propane from 1,400 distribution points across the United States.

Job Summary (Purpose): 


Reporting to the Director of IT Risk Management, the ITGC Compliance Manager will have primary responsibility for ensuring effectiveness of all IT General Controls (ITGCs).  The manager will act as the primary point of contact between IT and internal / external auditors to provide leadership in managing auditing activities, requests and developing responses to audit findings. 


Key Characteristics:


• Sound understanding of security and control principles including logical access controls, change control, least privilege, segregation of duties, computer operations, network security, vulnerability management, and secure coding
• Broad technical understanding of data management platforms (e.g., SAP, PeopleSoft, Oracle, Microsoft SQL Server, etc.) and associated data security controls
• Strong technology acumen and the ability to assess data privacy gaps in products/services design


Duties and Responsibilities:


• Provide quality assurance of all IT General Controls through assessment, walkthroughs, and audits to ensure operational effectiveness of those security controls.
• Identify risks and gaps and facilitate remediation
• Provide risk metrics to management regarding audit performance and findings
• Assist control owners with root cause analysis and track risk management action plan progress
• Guide efforts to create common control framework and uniform compliance reporting standard
• Performing examination of security controls to determine design and operational effectiveness
• Conducting IT controls management testing of controls independent of the audit schedule to save time during audits
• Identifying and tracking assessment/audits using performance metrics
• Implementing and supervising the issue tracking and resolution process
• Reviewing the audit assessments conducted by both internal and external audit teams
• Collaborating with both internal and external auditors
• Planning and conducting third-party vendor assessments
• Reviewing third-party vendor attestation and audit reports, and providing feedback to business leaders and risk owners

Knowledge, Skills and Abilities:


• Strong working knowledge of SOX controls
• Expert understanding of data classification, data protection, and data retention standards and practices
• Familiarity with common enterprise and web application technologies
• Expert understanding of data protection regulations and standards (e.g., PCI, Safe Harbor, EU Data Protection Directive, etc.)
• Strong analytical and time management skills
• Ability to maintain a high degree of confidentiality


Education and Experience Required:

• Bachelor’s Degree in Business, Accounting, Information Technology, or other quantitative discipline
• 10+ years of broad privacy and data protection, compliance or legal experience
• 5+ years of audit/assessment experience with PCI and/or SOX
• Experience with project management best practices
• Experience with common information security management frameworks, such as International Organization for Standardization (ISO) 2700x, ITIL, CSC20, COBIT and National Institute of Standards and Technology (NIST) frameworks


Preferred Requirements:

• Certified Information Security Auditor (CISA)
• PMI Project Management Professional (PMP)
• Payment Card Industry (PCI) Internal Security Assessor (ISA)
• Certified Information Privacy Professional (CIPP) or Certified Information Privacy Manager (CIPM)
• Industry Standard Security certifications including: SANS/GIAC GSNA, ISACA CISM, ISC2 CISSP, and ISC2 CSSLP.

AmeriGas is a Drug Free Workplace.  Candidates must be able to pass a pre-employment drug screen and a criminal background check.  AmeriGas is an Equal Opportunity Employer.

Nearest Major Market: Philadelphia

Job Segment: Compliance, ERP, Risk Management, Oracle, Database, Legal, Technology, Finance